[00:00.000 --> 00:02.700]  And OBD, what can we do with it?
[03:10.310 --> 03:18.150]  So OBD-2 is a port that is usually located in the footwell of the driver's side of a car.
[03:18.150 --> 03:21.570]  It's been mandated in cars since 1996.
[03:21.750 --> 03:27.690]  OBD-2 standard itself defines both the electrical interface and messages.
[03:27.690 --> 03:38.430]  Primarily the DTCs created to be used as a standard way for vehicles of any manufacturer to allow independent repair shops and dealers to test for emissions.
[03:39.070 --> 03:41.950]  OBD-2 is a 16-pin connector port.
[03:41.950 --> 03:52.310]  Although only 9 pins are mandated by the standard itself, most vehicles include an additional connectivity such as GM LAN or Chrysler CCD.
[03:52.670 --> 04:05.010]  They are used at the dealership, for example, to update software on the ECUs, to perform additional software testing, or to troubleshoot problems specific to that vehicle's make and model.
[04:07.700 --> 04:09.140]  Aftermarket OBD-2
[04:09.140 --> 04:16.140]  At first, only standard OBD-2 connectors were able to read diagnostic information.
[04:16.140 --> 04:23.920]  Manufacturers have been able to over the years reverse engineer the communication architectures to enhance their own offerings.
[04:23.920 --> 04:41.620]  With the advent of inexpensive cellular, Wi-Fi, and Bluetooth components, aftermarket OBD-2 manufacturers have expanded their products to include entirely new classes of services, such as pay-by-the-mile insurance, vehicle use tracking, and commercial fleet management.
[04:42.060 --> 04:44.080]  So what can we do with this?
[04:44.080 --> 05:01.580]  Way more than transmitting DTC. CAN controls hundreds, if not thousands of sensors and ECUs that control everything from operating the vehicle, steering, accelerating, braking, all the way to infotainment and locking the doors.
[05:01.580 --> 05:06.100]  All this information is being passed over the CAN bus.
[05:06.100 --> 05:11.200]  The CAN bus is nothing more than a TCP-based packet switching network.
[05:11.200 --> 05:18.420]  This is the same stuff that you see on your day-to-day jobs and most organizations' IT infrastructure.
[05:18.780 --> 05:27.560]  The CAN protocol sends all this data to all the nodes on each giving bus, and each CAN frame includes a destination address.
[05:27.680 --> 05:29.540]  How do we attack it?
[05:29.540 --> 05:40.920]  OBD-2 aftermarket devices can potentially retrieve CAN traffic from outside of the vehicle from something like a Wi-Fi connectivity.
[05:40.920 --> 05:47.500]  And pass it through unfiltered internal CAN bus through OBD-2 ports.
[05:47.500 --> 05:57.420]  So nodes inside of the CAN network on the CAN bus are expected to ignore traffic that's not addressed to them.
[05:57.420 --> 06:00.400]  But CAN frames don't have source addresses.
[06:00.400 --> 06:06.320]  So there's no way for you to be able to tell legit data from spoof data.
[06:06.320 --> 06:11.480]  This is where our journey begins as security researchers.
[06:11.480 --> 06:19.700]  And for us to be able to go and continue to reverse engineer these protocols to understand exactly what's happening over these CAN buses.
[06:19.700 --> 06:29.500]  For us to be able to use things such as OBD-2 potentially leveraging connectivity that's being built into the vehicles such as Wi-Fi or Bluetooth.
[06:29.500 --> 06:37.160]  For us to be able to utilize those connectivities to leverage that to further attack.
[06:38.820 --> 06:43.100]  Thank you. And if you have any questions, please don't hesitate to reach out.
[06:43.360 --> 06:45.240]  My Twitter is Infinite.
[06:45.240 --> 06:46.620]  And take care.
